<?php

include 'globals.php';

// A visitor whose session already carries a 'cliente' entry is sent straight
// to the dashboard instead of seeing the login form again.
// NOTE(review): the session is presumably started inside globals.php; confirm.
if (isset($_SESSION['cliente'])) {
    header('Location: dashboard.php');
    // The header alone does not stop the script; exit so nothing below runs.
    exit;
}

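// Handle a submitted login form: look the credentials up in `clienti` and, on
// success, mark the session as authenticated and redirect to the dashboard.
// On failure $msg is set and shown by the template further down the page.
if (isset($_POST['submit'])) {
    // Missing fields become empty strings. Anything that is not a plain string
    // (for example an array sent as name[]=...) is rejected before the database
    // is touched.
    $usr = isset($_POST['name']) ? $_POST['name'] : '';
    $psw = isset($_POST['password']) ? $_POST['password'] : '';

    if (!is_string($usr) || !is_string($psw)) {
        $msg = 'Accesso negato!';
    } else {
        $found = false;
        $username = null;
        $tok = null;

        try {
            $conn = @mysqli_connect(DB_HOST, DB_USER, DB_PASS, DB_NAME);
            if ($conn === false) {
                // The driver's connection error can name the host and account;
                // log it server-side and show the visitor only a generic message.
                error_log('Login: database connection failed: ' . mysqli_connect_error());
                die('Errore!!');
            }

            // Bound parameters keep the submitted values out of the SQL text, so a
            // quote in the username or password can no longer change the query.
            // Only the two columns this page actually uses are selected.
            //
            // NOTE(review): the Password column is compared directly with the
            // submitted value, which suggests passwords are stored unhashed. Moving
            // to password_hash()/password_verify() also requires changing the code
            // that creates accounts, which is not visible here.
            $stmt = mysqli_prepare(
                $conn,
                'SELECT Username, Tok FROM clienti WHERE Username = ? AND Password = ?'
            );
            if ($stmt === false
                || !mysqli_stmt_bind_param($stmt, 'ss', $usr, $psw)
                || !mysqli_stmt_execute($stmt)
                || !mysqli_stmt_store_result($stmt)
            ) {
                error_log('Login: credential lookup failed: ' . mysqli_error($conn));
                die("Errore!!");
            }

            // Same acceptance rule as before: exactly one matching row.
            if (mysqli_stmt_num_rows($stmt) === 1
                && mysqli_stmt_bind_result($stmt, $username, $tok)
                && mysqli_stmt_fetch($stmt) === true
            ) {
                $found = true;
            }

            mysqli_stmt_close($stmt);
            mysqli_close($conn);
        } catch (mysqli_sql_exception $e) {
            // Recent PHP versions make mysqli throw by default instead of
            // returning false; treat that the same way as a failed call.
            error_log('Login: database error: ' . $e->getMessage());
            die("Errore!!");
        }

        if (!$found) {
            $msg = 'Accesso negato!';
        } elseif ($tok !== 'valido') {
            // Credentials matched, but the account's Tok column is not 'valido'.
            $msg = 'Validazione mail non effettuata';
        } else {
            // Issue a fresh session id at the privilege change so an id that was
            // known before login cannot be reused afterwards (session fixation).
            if (session_status() === PHP_SESSION_ACTIVE) {
                session_regenerate_id(true);
            }
            $_SESSION['cliente'] = $username;
            header('Location: dashboard.php');
            die();
        }
    }
}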
?>
<!DOCTYPE html>
<html>
<head>
	<meta charset="UTF-8">
	<meta name="description" content="Negozio virtuale">
	<meta name="keywords" content="php.server">
	<title>Negozio Virtuale</title>
</head>
<body>
	<h1>Login</h1>
	<a href="./register.php">Registrati</a>
	<?php
	// Show the login outcome message, if the handler above set one.
	// In this file $msg is only ever assigned fixed literals, so it is printed
	// as-is; if it ever carries request or database data it must go through
	// htmlspecialchars() before being placed in the page.
	if (isset($msg)) {
	    printf('<p>%s</p>', $msg);
	}
	?>
	<form action="login.php" method="post">
		<input type="text" name="name" size="50" maxlength="50" placeholder="username" accesskey="U" tabindex="1"/><br/>
		<input type="password" name="password" placeholder="password" size="50" maxlength="50" accesskey="U" tabindex="1"/><br/>
		<input type="submit" class="submit" name="submit" value="Accedi" />
	</form>
</body>
</html>